From fddd3de664918ce07a041e420e356ab4a6ffaa76 Mon Sep 17 00:00:00 2001
From: Mike Koch
Date: Tue, 2 May 2017 12:48:03 -0400
Subject: [PATCH] Got started adding internal usage. A lot more work to handle this than I originally thought
---
.../Exceptions/InternalUseOnlyException.php | 10 +++++++
.../Exceptions/SessionNotActiveException.php | 16 ++++++++++
api/Controllers/InternalApiController.php | 16 ++++++++++
.../ResendTicketEmailToCustomerController.php | 26 +++++++++++++++++
api/index.php | 27 +++++++++++++++--
inc/admin_functions.inc.php | 29 ++++++++++++++-----
6 files changed, 115 insertions(+), 9 deletions(-)
create mode 100644 api/BusinessLogic/Exceptions/InternalUseOnlyException.php
create mode 100644 api/BusinessLogic/Exceptions/SessionNotActiveException.php
create mode 100644 api/Controllers/InternalApiController.php
create mode 100644 api/Controllers/Tickets/ResendTicketEmailToCustomerController.php
diff --git a/api/BusinessLogic/Exceptions/InternalUseOnlyException.php b/api/BusinessLogic/Exceptions/InternalUseOnlyException.php
new file mode 100644
index 00000000..99bbee4d
--- /dev/null
+++ b/api/BusinessLogic/Exceptions/InternalUseOnlyException.php
@@ -0,0 +1,10 @@
+checkForInternalUseOnly();
+
+ /* @var $ticketRetriever TicketRetriever */
+ $ticketRetriever = $applicationContext->get[TicketRetriever::class];
+ $ticket = $ticketRetriever->getTicketById($ticketId, $hesk_settings, $userContext);
+
+ $reply = -1;
+ if (isset($_GET['replyId'])) {
+ $reply = $_GET['replyId'];
+ }
+
+ //-- TODO Get reply if necessary including all attachments :O
+ }
+}
\ No newline at end of file
diff --git a/api/index.php b/api/index.php
index 079fd851..5c086a6b 100644
--- a/api/index.php
+++ b/api/index.php
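Review bot: In the ResendTicketEmailToCustomerController code above, `$reply = $_GET['replyId'];` keeps the raw query-string value, so a non-numeric string or an array (`?replyId[]=1`) reaches whatever the TODO later does with it. Validate it where it is read, for example `$reply = filter_input(INPUT_GET, 'replyId', FILTER_VALIDATE_INT);`, reject a `false` result, and keep `-1` only for the absent case. The method's signature and the body of `checkForInternalUseOnly()` are not visible on this page, so how `$ticketId` is validated cannot be confirmed from here.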
@@ -18,8 +18,14 @@ function handle404() { function before() { assertApiIsEnabled(); - $token = \BusinessLogic\Helpers::getHeader('X-AUTH-TOKEN'); - buildUserContext($token); + $internalUse = \BusinessLogic\Helpers::getHeader('X-INTERNAL-CALL'); + + if ($internalUse === 'true') { + buildUserContextFromSession(); + } else { + $token = \BusinessLogic\Helpers::getHeader('X-AUTH-TOKEN'); + buildUserContext($token); + } } function assertApiIsEnabled() { @@ -36,6 +42,19 @@ function assertApiIsEnabled() { return; } +function buildUserContextFromSession() { + global $userContext; + + hesk_session_start(); + + if (!hesk_isLoggedIn(false)) { + throw new \BusinessLogic\Exceptions\SessionNotActiveException(); + } + + /* @var $userContext \BusinessLogic\Security\UserContext */ + $userContext = \BusinessLogic\Security\UserContext::fromDataRow($_SESSION); +} + function buildUserContext($xAuthToken) { global $applicationContext, $userContext, $hesk_settings; @@ -161,6 +180,10 @@ Link::all(array( // Settings '/v1/settings' => \Controllers\Settings\SettingsController::class, + /* Internal use only routes */ + // Resend email response + '/v1/staff/tickets/{i}/resend-email' => \Controllers\Tickets\ResendTicketEmailToCustomerController::class, + // Any URL that doesn't match goes to the 404 handler '404' => 'handle404' )); \ No newline at end of file diff --git a/inc/admin_functions.inc.php b/inc/admin_functions.inc.php index 832c5cd4..f2edf27a 100644 --- a/inc/admin_functions.inc.php +++ b/inc/admin_functions.inc.php @@ -460,7 +460,7 @@ function hesk_autoLogin($noredirect = 0) } // END hesk_autoLogin() -function hesk_isLoggedIn() +function hesk_isLoggedIn($redirect_if_not_logged_in = true) { global $hesk_settings; @@ -482,8 +482,13 @@ function hesk_isLoggedIn() } hesk_session_stop(); - header('Location: ' . $url); - exit(); + + if ($redirect_if_not_logged_in) { + header('Location: ' . $url); + exit(); + } else { + return false; + } } else { hesk_session_regenerate_id(); 
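Review bot: In `before()`, the `X-INTERNAL-CALL` header is supplied by the caller, so the `=== 'true'` branch does not establish that a request is internal; it only switches authentication from the `X-AUTH-TOKEN` check to the browser session cookie. Cookie-authenticated API routes need cross-site request protection: confirm the API's CORS policy never allows this header from other origins, or also require the session's anti-CSRF token on the session path. A comment such as `// X-INTERNAL-CALL is client-controlled: it selects session auth, it is not a trust boundary` would keep later code from relying on it. The route hunk at `-161,6` registers `/v1/staff/tickets/{i}/resend-email` for every caller, so the controller's `checkForInternalUseOnly()` (body not shown) appears to be the only gate on it.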
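Review bot: `UserContext::fromDataRow($_SESSION)` in `buildUserContextFromSession()` hands the whole session array to a factory whose name suggests it expects a user row, so any field the session lacks or stores in a different shape could yield a context with wrong or missing permissions; `fromDataRow` is not shown, so this needs checking against its field list. Building the context from the user row that `hesk_isLoggedIn()` already fetches from the database would avoid trusting privileges cached in the session. Separately, `if (!hesk_isLoggedIn(false))` treats any falsy return as logged out: the success path of `hesk_isLoggedIn()` lies outside these hunks and must return `true` explicitly, otherwise this branch always throws `SessionNotActiveException`.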
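Review bot: The same `if ($redirect_if_not_logged_in) { … exit(); } else { return false; }` block is pasted after `hesk_session_stop();` in the `-482,8` hunk of inc/admin_functions.inc.php and again in the hunks at `-493,8` and `-503,8`, so a later change to the failure handling has to be made three times, and any failure path of `hesk_isLoggedIn()` outside these hunks would still redirect and exit inside an API request. Since `exit()` never returns, the `else` is unnecessary: each site can be `if ($redirect_if_not_logged_in) { header('Location: ' . $url); exit(); }` followed by `return false;`, or one small helper called from all three. The new parameter and the `false` return should be documented above the function, e.g. `// $redirect_if_not_logged_in: pass false to get a false return instead of a redirect (used by the API)`. The function body starts and ends outside the hunks.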
@@ -493,8 +498,13 @@ function hesk_isLoggedIn() // Exit if user not found if (hesk_dbNumRows($res) != 1) { hesk_session_stop(); - header('Location: ' . $url); - exit(); + + if ($redirect_if_not_logged_in) { + header('Location: ' . $url); + exit(); + } else { + return false; + } } // Fetch results from database @@ -503,8 +513,13 @@ function hesk_isLoggedIn() // Verify this session is still valid if (!hesk_activeSessionValidate($me['user'], $me['pass'], $_SESSION['session_verify'])) { hesk_session_stop(); - header('Location: ' . $url); - exit(); + + if ($redirect_if_not_logged_in) { + header('Location: ' . $url); + exit(); + } else { + return false; + } } // Update session variables as needed